[PATCHES RESEND] idmap_rfc2307 module

[Christof Schmitt]

Christian Ambach <ambi at samba.org> wrote on 09/18/2012 06:34:36 PM:

> On 08/29/2012 02:41 PM, Andrew Bartlett wrote:
> 
> > Now, a real-world site trumps theoretical objections, and this module
> > has a specialist role in an environment that is more strictly 
user/group
> > delineated, but I wanted to explain my reasoning so you could see if
> > there is any other way you could avoid embedding such a delineation
> > while finding only the 'right' users.
> 
> Think of this module as a pimped version of idmap_ad that has the same 
> restrictions, but to make it work with the enhanced concepts of 
> sidhistory and groups owning files, SFU (or any other directory storing 
> rfc2307 records) would have to be enhanced as well to cope with that 
> approach. So long it must be acceptable as inherit restriction that 
> using these modules will result in the same restrictions that Samba < 
> 4.0 always had.
> 
> As I couldn't find anything else in the patches I would dislike, I would 

> have pushed them now, but they do not apply to master anymore.
> 
> Christof, would you please provide an updated patchset?
> And please make sure the module gets built by default (as long as the 
> prereqs were found during configure time) so we do not accidentally 
> break it in the future.

My understanding is that Andrew wants to see tests first. I am hoping
to have the time to continue working on the tests for the PAC
interface and this now.

A quick remark about the different handling for users and groups: This
module queries the mappings from RFC2307 style records. User mappings
are read from posixAccount records and group mappings are read from
posixGroup mappings, so there is already some inherent difference
between users and groups with the approach in this module.

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)